Community Forums
Connect with us on LinkedIn
Community Notice
+ Reply to Thread
Results 1 to 4 of 4
  1. #1
    Member
    Join Date
    Apr 2005
    Posts
    99

    Default CSF question re banned IP addresses.

    We have installed CSF (Configserver Security Firewall) on our server (as a cpanel plug-in) and it's been sending me some emails about some banned IP addresses:

    Banned the following ip addresses on Wed Jun 24 10:03:01 BST 2009

    1.2.3.4.5.6(ip) with 230 connections
    What does this actually mean? Is it definitely an attack? 230 open connections? Is it the same as hits?

    It's banned about 8 IP's and interestingly they come from an education establishment's ISP and another two ISPs that all resolve to the same geographical area! Which is what makes me think this is a calculated attack.

    Also the odd thing is, even tho it's banned these IPs - it keeps sending me an email with them saying it's banned them again... are they just temporarily banned?

    Thanks in advance!

  2. #2
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,172
    cPanel/Enkompass Access Level

    Root Administrator

    Lightbulb

    You'll have more luck over at the CSF forums for questions like this.
    ConfigServer Scripts Forum - Powered by vBulletin Reading the manual is always a good idea too.
    http://www.configserver.com/free/csf/readme.txt

    You can set it to the number of connection(s) tracking you like, how to block temp or perm, along with lots more. Just needs to be looked at a few hundred times and tweaked as you go for your own system.

    If you're in a hurry, open CSF, click Firewall Security level, click high. Then save. Good solid starting point that you can tweak later to your own tastes.

    GL

  3. #3
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jul 2005
    Location
    New Jersey, USA
    Posts
    397

    Default

    The subject and headers of that email should provide more details on why it was banned. You can also check the logs and the csf deny file.

  4. #4
    Member
    Join Date
    Apr 2005
    Posts
    99

    Default

    Thanks for the replies. I've looked at the readme file, but it doesn't explain the connections. Also posted on the CSF forum, but no answer.

    Anyone here know what these connections actually are?

Similar Threads & Tags
Similar threads

  1. Replies: 9
    Last Post: 12-02-2010, 03:09 AM
  2. Labels for Banned IP Addresses
    By drbender in forum Feature Requests for cPanel/WHM
    Replies: 0
    Last Post: 06-28-2010, 02:05 AM
  3. csf question
    By salvatore333 in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 05-29-2007, 06:29 PM
  4. csf Ip adding question.
    By Luciel in forum cPanel and WHM Discussions
    Replies: 6
    Last Post: 01-22-2007, 06:33 PM
  5. CSF Install Question - before starting
    By superiorhost in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 12-11-2006, 03:00 PM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube